Today's desktop systems, predominantly application-based, run numerous unvetted, unsandboxed services. This complexity exposes them to security vulnerabilities. Due to constraints like financial resources and rapid development timelines, it's impractical to formally verify all software, leaving them susceptible to bugs and security breaches. Additionally, existing operating systems like Linux, Windows NT, and Darwin are not designed for easy integration of verification processes, making them challenging to secure post-development. There is too much code with complicated dependencies to verify.
Sandboxing desktop software is a challenging task in that we should balance isolating different applications while allowing enough data transfer between interfaces for a seamless user experience since different components need to work seamlessly together. Therefore, it is important to optimize setting boundary lines among different desktop applications and system services. This process cannot be automated and abstracted away since users run countless different applications serving different functionalities on a desktop on a daily basis. Current desktop systems need more reliability as well as security–it’s the client to everything users do.
The challenge we intend to solve has already been solved in operating systems in IoT/embedded systems and mobile devices such as Android and iOS. Our mission is to introduce this solution to the desktop environment.